Posted Oct 20, 2009 20:18 UTC (Tue) by njs
In reply to: SELinux
Parent article: LPC: Three sessions from the security track
I'm not an SELinux user.
I am already familiar with all internet traditions everything you're trying to tell me -- patronizing, much?
But fyi, if I didn't already know what you were trying to say, I'd never get it from your post. I said SELinux is intended to lock down programs, and you just respond "wrong, wrong, wrong" and bemoan your sad fate where idiots like me keep saying things that... well, are true, actually, SELinux *is* designed for locking down programs. It is, of course, very important that it does not and can not guarantee effectiveness (despite all those fancy formal models), and also doesn't address the most important modern desktop threat models, but you didn't actually *say* that.
I think it's absolutely a good thing to open people's eyes to a more nuanced view of security, involving actual discussion of threat models, mitigation versus provably secure, reality-based estimates of exposure, all that good stuff. But your posts seem more interested in showing how terribly ill-used you are than in making the world a better place and frankly, dude, I think grsec's goals are awesome and I still don't care about your personal feelings. Esp. when you're so willing to sacrifice nuance and accuracy (SELinux *has* mitigated attacks, for all its imperfections) on the altar of axe-grinding.